[Owasp-leaders] universities teaching secure development

Constance Matthews cmatthews at microsolved.com
Mon Jun 10 20:10:00 UTC 2013


What a timely subject.

In Columbus, OH we are working with the State Government and 
Colleges/Universities in the  very beginning stages/discussions on how 
we can get secure coding in the classroom and have security be a part of 
the SDLC. Ohio is excited and so are we (Bill Sempf, Aaron Ansari, and 
Connie Matthews). We are very excited on what this can mean to the 
future of secure coding and chipping away at the problem little by 
little (all going in the right direction.)

We taught our first class to our membership last week to almost 100 
developers and the feedback was extremely positive.  We are very excited 
to see where this can go in Ohio.  Jim Manico, Jason Montgomery of 
Veracode and Bill Sempf (Central Ohio OWASP leader) did a fantastic job 
teaching the course.

If anyone can give us any pointers, we are open to discussion. We feel 
that we have the right people to help us make this a reality in Ohio.  
Taking baby steps.

Please feel free to share your thoughts?

Thank you,
Connie
On 6/10/2013 3:55 PM, Konstantinos Papapanagiotou wrote:
> A good reason would be to compete (and win!) at the University 
> Challenge. :)
>
> Kostas
>
>
> On Mon, Jun 10, 2013 at 5:43 PM, DK-OWASP <david.kadow at owasp.org 
> <mailto:david.kadow at owasp.org>> wrote:
>
>     Thank you all for the input.
>
>     TBC, one dimension of messaging in my "Come to AppsecUSA"
>     PowerPoint ( to show at various non-OWASP MeetUps ) is  "Why?"
>     One of the answers to "why?" is
>     "There are 4,000 universities in the US...less than 100 teach
>     secure development. Therefore It's highly likely that your new
>     developers don't know how to keep you safe. Bring them to
>     AppSecUSA, so they can help keep you out of the data breach
>     headlines."
>
>     More to come...
>
>     I welcome your thoughts and comments.
>
>     David Kadow, CISSP
>     ---
>     657-464-3250 (65-ringDBK-0)
>     http://mynfosec.blogspot.com
>     http://www.linkedin.com/in/davidkadow
>
>     On Jun 9, 2013, at 9:57 AM, Martin Knobloch
>     <martin.knobloch at owasp.org <mailto:martin.knobloch at owasp.org>> wrote:
>
>>     This is a great list and starting point to do the University
>>     Outreach once more!
>>     We do have the OWASP Blue Book, /The OWASP Application Security
>>     Code of Conduct for Educational Institutions:/
>>     https://www.owasp.org/index.php/OWASP_Codes_of_Conduct
>>
>>     Doing this properly, we can extend the list of OWASP Educational
>>     supporters:
>>
>>       * What is: https://www.owasp.org/index.php/Academic_Supporter
>>       * List of: https://www.owasp.org/index.php/Academic_Supporters
>>
>>     By addressing the Universities not yet being part of OWASP and
>>     getting the local chapters in touch!
>>     I am more then glad to help!
>>
>>     Cheers,
>>     -martin
>>
>>
>>     On Sun, Jun 9, 2013 at 2:56 PM, James Walden
>>     <james.walden at gmail.com <mailto:james.walden at gmail.com>> wrote:
>>
>>         While the list of universities teaching secure development in
>>         the US is short today, it should expand with the new ACM/IEEE
>>         2013 curriculum standard, which mandate secure development
>>         across the curriculum.  The standards should be finalized by
>>         the end of the year.
>>
>>         Thinking of university education, is anyone else attending
>>         CISSE 2013 (http://www.cisse.info/) this week?
>>
>>         On Sun, Jun 9, 2013 at 7:19 AM, Martin Knobloch
>>         <martin.knobloch at owasp.org
>>         <mailto:martin.knobloch at owasp.org>> wrote:
>>
>>             Hi David,
>>
>>             How can I assist?
>>
>>             Cheers,
>>             -martin
>>
>>
>>             On Sat, Jun 8, 2013 at 3:31 PM, Tom Brennan - OWASP
>>             <tomb at proactiverisk.com <mailto:tomb at proactiverisk.com>>
>>             wrote:
>>
>>                 David, thank you for working on this effort; I do not
>>                 have a answer for your question however your question
>>                 does invoke a mapping of the membership list posted
>>                 on the OWASP website to the list and logical inquiry
>>                 to  Membership & Projects. Martin Knobloch is a very
>>                 a active education advocate and I would not be
>>                 surprised if someone has already conducted analyst on
>>                 this demographic for a related OWASP Project
>>
>>                 OWASP-Leaders your help is requested.
>>
>>
>>                 On Jun 8, 2013, at 9:02 AM, David Kadow
>>                 <david.kadow at owasp.org
>>                 <mailto:david.kadow at owasp.org>> wrote:
>>
>>>                 Quick question: ( this is for the "Come to
>>>                 AppSecUSA" powerpoint I'm composing )
>>>
>>>                 There are approximately 4,000 universities in the
>>>                 U.S., with enrollment of over 17 million students.
>>>                 Do you know how many universities actually teach
>>>                 secure development ? In 30 minutes and 13 pages of
>>>                 google results I find less than 40 ( results below )
>>>
>>>                 arizona.edu <http://arizona.edu/>
>>>                 asu.edu <http://asu.edu/>
>>>                 auburn.edu <http://auburn.edu/>
>>>                 berkeley.edu <http://berkeley.edu/>
>>>                 cmu.edu/ <http://cmu.edu/>
>>>                 cochise.edu <http://cochise.edu/>
>>>                 colorado.edu <http://colorado.edu/>
>>>                 columbusstate.edu <http://columbusstate.edu/>
>>>                 dartmouth.edu <http://dartmouth.edu/>
>>>                 ecsun.edu <http://ecsun.edu/>
>>>                 fau.edu <http://fau.edu/>
>>>                 gvsu.edu <http://gvsu.edu/>
>>>                 hawaii.edu <http://hawaii.edu/>
>>>                 kit.edu <http://kit.edu/>
>>>                 mcsueastbay.edu <http://mcsueastbay.edu/>
>>>                 mit.edu <http://mit.edu/>
>>>                 msstate.edu <http://msstate.edu/>
>>>                 ncsu.edu <http://ncsu.edu/>
>>>                 nku.edu <http://nku.edu/>
>>>                 pitt.edu <http://pitt.edu/>
>>>                 psu.edu <http://psu.edu/>
>>>                 sc.edu <http://sc.edu/>
>>>                 scf.edu <http://scf.edu/>
>>>                 sharif.edu <http://sharif.edu/>
>>>                 sjsu.edu <http://sjsu.edu/>
>>>                 stanford.edu <http://stanford.edu/>
>>>                 ucf.edu <http://ucf.edu/>
>>>                 uic.edu <http://uic.edu/>
>>>                 uis.edu <http://uis.edu/>
>>>                 usc.edu <http://usc.edu/>
>>>                 usouthal.edu <http://usouthal.edu/>
>>>                 utdallas.edu <http://utdallas.edu/>
>>>                 utexas.edu <http://utexas.edu/>
>>>                 utsa.edu <http://utsa.edu/>
>>>                 washington.edu <http://washington.edu/>
>>>                 wisc.edu <http://wisc.edu/>
>>>                 wright.edu <http://wright.edu/>
>>>
>>>                 Any guidance will be appreciated.
>>>                 -- 
>>>
>>>                 David Kadow, CISSP
>>>                 657-464-3250 <tel:657-464-3250>
>>
>>
>>
>>             _______________________________________________
>>             OWASP-Leaders mailing list
>>             OWASP-Leaders at lists.owasp.org
>>             <mailto:OWASP-Leaders at lists.owasp.org>
>>             https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-- 
Constance Matthews        cmatthews at microsolved.com
Account Executive
Phone: 614. 351.1237 X 206
Cell: 614.286.2408
Fax: 512-592-7904

Linked In: www.linkedin.com/in/ConnieMatthews
PGP Key Available by Request
MicroSolved is security expertise you can trust!

HoneyPoint Security Server
Attackers get stung, instead of you!
http://www.microsolved.com/honeypoint
  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130610/749a08f3/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4488 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130610/749a08f3/attachment-0001.bin>


More information about the OWASP-Leaders mailing list